Think your Web security systems are up to snuff? Think again. This year may bring a whole new slew of threats, and your business had better be ready.
From Target's stolen PIN codes to Snapchat's leaked user information, it seems no company is impervious to a data breach. To defend your business in this new age, you need to know the potential threats you face and how to safeguard against them.
That's one reason McAfee Labs, the research division of the cybersecurity software company McAfee, has released a list of what it believes will be the biggest cyber threats for business owners in 2014.
"With target audiences so large, financing mechanisms so convenient, and cyber-talent so accessible, robust innovation in criminal technology and tactics will continue its surge forward in 2014," Vincent Weafer, senior vice president of McAfee Labs, said in a statement. "The emergence and evolution of advanced evasion techniques represents a new enterprise security battlefront, where the hacker's deep knowledge of architectures and common security tactics enable attacks that are very hard to uncover."
Here's what to watch out for in the coming year:
1. Mobile malware
We're all familiar with malware on PCs, but according to McAfee Labs, growth in PC malware was largely flat during 2013. However, malware in Android mobile operating systems grew by 33 percent. McAfee anticipates that even more of these attacks will take place in the coming year. For companies with bring-your-own-device policies in place, this news should be especially alarming, since the report points out that once users unwittingly download malware, their devices will then introduce that malware inside your corporate systems.
2. Virtual currencies
As virtual currencies, like Bitcoin, become more accessible, McAfee expects to see a rise in the number of so-called "ransomware" attacks on mobile devices, in which a hacker holds important data hostage for a fee. In the past, it's been relatively easy to prosecute these types of threats by following the money trail. With Bitcoin, it's much harder to trace. McAfee (unsurprisingly being an anti-malware software provider) suggests keeping anti-malware software current and a comprehensive backup system in place.
3. Social attacks
It's not just hackers getting in on the action. According to McAfee's report, "Both public and private enterprises will also leverage social platforms to conduct 'reconnaissance attacks' against their competitors and rivals, either directly or through third parties." Also, expect to see a rise in more traditional social media attacks, which steal users' authentication credentials or force them to reset their passwords, only to steal those passwords and use them to collect personal information on their contacts. Preventing these attacks, McAfee writes, requires extra vigilance on employees' use of social media platforms. (Check out Inc.'s guide to preventing cyber attacks for more ways to protect yourself.)
4. New PC and server attacks
The programming language HTML5 has become popular for building business's mobile apps. And yet, McAfee reports, it's also extremely vulnerable to attacks that could give hackers full access to a user's device. If you're thinking of building mobile apps with HTML5, McAfee warns, "security will need to be built into these new systems from Day One."
5. Cloud-based attacks
In the report, McAfee likens the cloud to banks. If thieves rob banks because that's where all the money is stored, then hackers will attack the cloud, because, now more than ever, that's where they will find boatloads of data. The report warns, "when a corporate application moves to the cloud, the organization loses visibility of and control over the security profile." According to McAfee, large enterprises will have an easier time demanding that their cloud providers have proper security systems in place. "Smaller consumers of cloud-based services, however, will not," the report says, "and will need to carefully review the provider's often ambiguous user agreement as it relates to security and data ownership."